One type of denial of service (DoS) attack in a network involves an attacker flooding packets to a router that are addressed to a large number of Internet Protocol version 6 (IPv6) addresses derived from the same subnet (e.g., the /64 subnet). IPv6 neighbor discovery (ND), as outlined in the Internet Engineering Task Force (IETF) request for comments (RFC) 4861, states that the router should create an ND cache entry for each of the requested addresses and keep the entries for some time (e.g., multiple seconds). In addition, IPv6 ND also requires that the router multicast neighbor solicitation (NS) messages for each of the addresses that were not originally in the ND cache of the router. Thus, during an ND-based DoS attack, the ND cache of the router may become saturated with packets that have fake addresses and the attack traffic may maliciously consume the resources of the router that would otherwise be used by legitimate traffic. In addition, since a multicast NS message is typically broadcast by all of the wireless access points in a wireless network at the lowest speed possible, the attack may overload the available bandwidth across the fabric of the network.